Zimbra hacked =(

Hi there, we have been hacked. I wonder if anyone could help get to the bottom of it. Mails have been sent out from addresses that do not exist within Zimbra (ra@ourdomain, co@ourdomain, de@ourdomain, ki@ourdomain, lu@ourdomain, by@ourdomain, cy@ourdomain). I have no idea how they have been sent. The only reason I knew there was a problem at first was that a number of users reported they had bounce messages for things they had not sent. It turns out they were members of a list (NUT@ourdomain). The server has had its network cable unplugged, but I can still see things that are being added to the queue.

Can I make it so Zimbra will only send mail when a user has authenticated and has a valid address? What is the best way to diagnose if there is a virus or if there is an account compromised?

Using IMAP over SSL. Can a user send mail without authenticating?

I have looked through log file after log file but am lost as to making anything tally..

Sorry for the slow reply, the server is offline so I'm not getting notifications. I must change my address on here. Thanks for the info. Very helpful. One account came up quite a lot. I will change its password. I'm going to enforce password complexity for the whole domain, I think.
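
Added example, not part of the original posts: one way to see which authenticated account "came up quite a lot" and whether it was sending under other From addresses, by joining Postfix `sasl_username=` lines to the queue manager's `from=<...>` lines on the queue ID. The sample lines, addresses and the `summarize` helper are constructed for illustration; on a Zimbra host the MTA log is commonly /var/log/zimbra.log (an assumption, check your syslog configuration).

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in Postfix's log format (not taken from the thread).
SAMPLE_LOG = """\
Jan 10 03:12:01 mail postfix/smtps/smtpd[2101]: 4A1B2C3D4E: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=jsmith@example.com
Jan 10 03:12:01 mail postfix/qmgr[900]: 4A1B2C3D4E: from=<ra@example.com>, size=2210, nrcpt=20 (queue active)
Jan 10 03:12:04 mail postfix/smtps/smtpd[2101]: 5B2C3D4E5F: client=unknown[203.0.113.5], sasl_method=LOGIN, sasl_username=jsmith@example.com
Jan 10 03:12:04 mail postfix/qmgr[900]: 5B2C3D4E5F: from=<co@example.com>, size=2198, nrcpt=20 (queue active)
Jan 10 08:30:15 mail postfix/smtps/smtpd[2150]: 6C3D4E5F60: client=pc7.example.com[192.0.2.17], sasl_method=PLAIN, sasl_username=alice@example.com
Jan 10 08:30:15 mail postfix/qmgr[900]: 6C3D4E5F60: from=<alice@example.com>, size=901, nrcpt=1 (queue active)
Jan 10 08:31:02 mail postfix/smtpd[2160]: 7D4E5F6071: client=mx.example.net[198.51.100.9]
Jan 10 08:31:02 mail postfix/qmgr[900]: 7D4E5F6071: from=<bob@example.net>, size=1500, nrcpt=1 (queue active)
"""

# smtpd logs the authenticated login per queue ID; qmgr logs the envelope sender.
SASL_RE = re.compile(r"postfix/\S*smtpd\[\d+\]: (\w+): client=(\S+?),.*sasl_username=(\S+)")
FROM_RE = re.compile(r"postfix/qmgr\[\d+\]: (\w+): from=<([^>]*)>")

def summarize(log_text):
    """Return (messages per SASL user, spoofed senders per user, unauthenticated mail)."""
    auth, senders = {}, {}
    for line in log_text.splitlines():
        m = SASL_RE.search(line)
        if m:
            auth[m.group(1)] = m.group(3)
            continue
        m = FROM_RE.search(line)
        if m:
            # qmgr repeats this line on retries; keep the first sighting only.
            senders.setdefault(m.group(1), m.group(2))
    per_user, mismatched, unauthenticated = Counter(), defaultdict(set), []
    for qid, sender in senders.items():
        user = auth.get(qid)
        if user is None:
            unauthenticated.append((qid, sender))  # inbound or locally generated
            continue
        per_user[user] += 1
        if sender.lower() != user.lower():
            mismatched[user].add(sender)  # login sent under a different address
    return per_user, dict(mismatched), unauthenticated

if __name__ == "__main__":
    per_user, mismatched, unauth = summarize(SAMPLE_LOG)
    for user, count in per_user.most_common():
        print(f"{user}: {count} messages, other senders used: {sorted(mismatched.get(user, []))}")
    print("no SASL login:", unauth)
```

An account with a high count, a client address outside your network and envelope senders that differ from its login is the one to lock and reset first; entries with no SASL login include ordinary inbound mail, so review those separately.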